Friday, July 24, 2015

Brief history of DDoS attacks

Discovery and first experiments
DDoS attacks are discovered and start to be used by researchers, and then by script kiddies.

1996: SYN flood
1997-1998: smurf attacks and first DDoS tools come out
1999: Trinoo, Stacheldraht tools become popular

First big DDoS attacks
The experiments start to hit big targets which are usually unprepared to respond. Attackers feel very powerful.

2000: Attacks on eBay, Yahoo, Amazon, CNN
2002: Attack on the DNS root servers
2003: 1 million zombie computers infected by the worm MyDoom perform a DDoS attack

DDoS against important targets
DDoS attacks become a powerful tool for hitting important targets, and cyber criminals use them like a gun.
Someone starts to speak about "cyber warfare".

2007: Cyber attacks against Estonia
2008: Cyber attacks against Georgia
2009: Attacks against UltraDNS, The Pirate Bay, Register.com
2009: Attacks against: South Korea, USA, Washington Post, New York Stock Exchange
2009: Attack against Iran
2009: Attacks against: Facebook, Twitter, Google

The Anonymous era
Hacktivism becomes popular; no one is safe. First attacks against critical infrastructure.

2010: Anonymous - Operation Payback
2011/2012: Operation Tunisia, Sony, Syria, MegaUpload, Russia, India, Japan, etc
2012/2013: Operation Ababil
2014: Operation HackingCup
2014: Attack against Feedly
2014: Bear malware targets US and Canadian critical infrastructure providers

1 comment:

  1. Enabling web caching can mitigate DoS attacks on GET requests. But another common type of DoS attack is to send huge amounts of data in an HTTP POST method. To mitigate this type of DoS, it is considered best practice to set the PostTimeoutSecs, MaxPostTimeSecs, MaxPostSize settings in your web server or application server. The parameter names vary across different servers. Thanks~ Anne from sdlc security training
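
The limits named in the comment above, sketched as an added example (not part of the original post or comment, and not any particular server's code): a body reader that rejects oversized POSTs before reading them and gives the whole upload a fixed time budget. The names `read_post_body`, `max_post_size` and `max_post_time_secs` are hypothetical, and `recv` is assumed to behave like `socket.recv` on a socket with a per-read timeout already set.

```python
import time

class PostRejected(Exception):
    """A request body broke a limit; .status is the HTTP status to answer with."""
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status

def read_post_body(recv, content_length, max_post_size=1_048_576,
                   max_post_time_secs=30.0, chunk=8192, clock=time.monotonic):
    """Read exactly content_length body bytes through recv(n).

    max_post_size caps the declared size (the MaxPostSize idea) and
    max_post_time_secs caps the total upload time (the MaxPostTimeSecs idea).
    The per-read idle limit (the PostTimeoutSecs idea) is assumed to be set
    by the caller with sock.settimeout() before passing sock.recv in.
    """
    if content_length is None:
        # Without a declared length the size cannot be checked up front.
        raise PostRejected(411, "Content-Length required")
    if content_length > max_post_size:
        # Refuse before buffering a single body byte.
        raise PostRejected(413, "declared body exceeds max_post_size")

    deadline = clock() + max_post_time_secs
    body = bytearray()
    while len(body) < content_length:
        # A slow sender can keep every read under the idle timeout, so the
        # total budget is checked on each loop as well.
        if clock() > deadline:
            raise PostRejected(408, "body not received within max_post_time_secs")
        data = recv(min(chunk, content_length - len(body)))
        if not data:
            raise PostRejected(400, "connection closed before full body arrived")
        body += data
    return bytes(body)
```

On a `PostRejected`, the server would send the carried status and close the connection rather than keep the worker waiting on the sender.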